Splunk Search

Discussions

Thread Info

Routing the data to a different Index via Regex

Hello, We have a source ABC sending us logs and are being stored inside an index called all_logs. From that source...

by Communicator in

How to replace a dynamic string in an event?

I want to replace a dynamic string in an event.. Example: error occurred from the server ABCXYZ12345ABCXYZ under lend...

by Explorer in

is it possible to use json file with csv lookup file?

Hi all, i have used csv lookup file to csv files to map the values . Can i use json file instead of csv file to map t...

by Communicator in

splunk event time and timestamp on log file is not matching.

splunk event time and timestamp on log file is not matching. Our log file has below entry for timestamp "2020-02-20 1...

by Communicator in

Correlate two events with one common field value

Hello, I have some logs with a common field and I'd like to correlate them. here my first event: 26/02/202...

by Path Finder in

how to pass filter token based on filter value in search query?

Hi, I have below multiselect filter , based on username="ABC" , I need to display two more filters.( ip, city) And wh...

by Explorer in

how to get my duration from transaction

my search query is this: DESCRIPTION="sump pump" OR (DESCRIPTION="ejector pump" AND DESCRIPTION="run/stop") | rex ...

by Explorer in

question on stats and blank values

i have a table like below. cola:colb:colc:cold 1::2:3: :::: 1:2:3:4 when i do a stats , i only get non-null values...

by Builder in

AD user modification

Hi All I have an AD Account how can i know what modifications has been done in last one month on this account from...

by Explorer in

Using Eval and stats together

I am trying to feed the results of (2) subsearches into and eval search. | eval Average=data/asstes [stats sum(dat...

by New Member in

How to add commas into a number and make the final result a string?

hi there, I need to add decimal comma separation for a long number such as 2546788 that is, 2,546,788 Then I need to ...

by Communicator in

How to use multisearch for inputlookup tables ? please provide an example.

I want to check data from two different lookup tables and relate it using multisearch command.

by New Member in

Trim string after second exclamation mark

Hi, I have a field called SESSION_ID which has a value "0cdWYCu982HhTjoSYMUgnrCIW8c1apbU!1706637738!1581997108157" I ...

by Loves-to-Learn Everything in

Metric Index problem with null values

I am running Splunk Enterprise 8.0.1 monitoring files with a universal forwarder and putting info from csv files into...

by Explorer in

Compare columns in same table

Hello, I have the following table: column1 column2 Andrew Andrew George George Paris Berlin I would like to ...

by Engager in

DB Connect - another "index 1 is out of range" - how to fix it?

Trying to pull specific fields out of the database tables "LastContact" and listing the output with a timestamp (Last...

by Explorer in

How do I do sparklines based on lookup table data

Trying to create a sparkline from data in a lookup table monitor_user_traffic.csv has fields -user -traffic_dest_i...

by Builder in

Why Isn't My String Value (a multivalue field) Being Converted to a Number?

Hello, I've checked many of the Answers pages, but to no avail. In my table, the value "appears" to be converted f...

by Builder in

How can I get the occurrence of a field in events as a percentage, when the field names are unknown (dynamic per event)?

I have events with JSON in them and I need to know what % of the time each field appears. The fieldset in the even...

by Explorer in

GeoLite IPLocation discrepancy

Good Afternoon everyone! We seem to be encountering a discrepancy with our IPLocation database. We're running Splu...

by Explorer in

permissions are not granted for Office 365 Management Activity API and permissions are not granted for ThreatIntelligence Read

not able to get logs into splunk regarding O365 Management activity and threatintelligence. due to this MSO365 app fo...

by New Member in

delta command doesn't return accurate results if i have multiple delta in the search

My search is index="xxx" sourcetype="yyy" topic=IN* | stats list(message_count) as message_count by _time topic | x...

by New Member in

rex command help...

Hi All, my data is like below-- I want to extract when it has string ignore numbers 853727-gcplusrspcndb01.usa....

by Motivator in

How can I list all the scheduled searches?

We have some spikes for concurrent search jobs? therefore, how can I list all the scheduled searches for a given mome...

by Motivator in

How to change the timechart x-axis label

I did a timechart and span= 1w, my time range is from Jan1. 2020(Wednesday) but the label on x-axis is Mon Dec30. 201...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Routing the data to a different Index via Regex

How to replace a dynamic string in an event?

is it possible to use json file with csv lookup file?

splunk event time and timestamp on log file is not matching.

Correlate two events with one common field value

how to pass filter token based on filter value in search query?

how to get my duration from transaction

question on stats and blank values

AD user modification

Using Eval and stats together

How to add commas into a number and make the final result a string?

How to use multisearch for inputlookup tables ? please provide an example.

Trim string after second exclamation mark

Metric Index problem with null values

Compare columns in same table

DB Connect - another "index 1 is out of range" - how to fix it?

How do I do sparklines based on lookup table data

Why Isn't My String Value (a multivalue field) Being Converted to a Number?

How can I get the occurrence of a field in events as a percentage, when the field names are unknown (dynamic per event)?

GeoLite IPLocation discrepancy

permissions are not granted for Office 365 Management Activity API and permissions are not granted for ThreatIntelligence Read

delta command doesn't return accurate results if i have multiple delta in the search

rex command help...

How can I list all the scheduled searches?

How to change the timechart x-axis label

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...